Simple question: what would be the mitigation against any security threats in the randomly-bought off-the-shelf products? E.g. In a case there is a general hardware exploit that isn't targeted to Monzo explicitly, but since you've bought that item (e.g. A router) there is a possible attack vector.

A few things:

- Since all the components we purchase are kept air-gapped, you'd need to already be on a machine in the air-gapped system (which isn't assembled and powered on except when we need to deal with key material) to exploit a vulnerability

- We're keeping things as minimal as possible in what we trust from coming out a store, for example if we purchase a Laptop we gut it of most of its components before it goes near our key material, Laptop's dont need batteries (or even CMOS batteries) to run basic live systems so they're going out.

- Compromising one part of the system won't let you sneak private key materials out on its own by-design, the part we've tried to make the hardest is exfiltration, the only material that leaves the air-gapped system leaves either as QR codes on a screen or on CD-R drives that we keep for years in a safe in their own tamper evident bags. This is all part of an effort to try and make sneaking private material out (even if you had full control of the system) as difficult as possible to do without being detected.

Have you gone fully paranoid and your air-gaped system is in a Faraday cage inside an anechoic chamber? Things like bus radio [1], coil whine and power fluctuations can be used (it has been shown) to exfiltrate data.

[1] https://github.com/fulldecent/system-bus-radio